I've a small problem and I don't find the good solution.
My DMZ uses range 192.168.0.0/24.
When I go to Satus -> System Logs -> Firewall, I've many lines like :
Sep 28 12:20:11 INTERNET 192.168.0.12:138 192.168.0.255:138 UDP
Sep 28 12:19:28 INTERNET 192.168.0.60:137 192.168.0.255:137 UDP
Wich rule have I to add to accept all traffic?
Thank you for your help,
Ok Im confused, why is "internet" source IP private and the same as your dmz? That is is broadcast traffic, why would you want to send broadcast traffic from the internet into your dmz??
Good question! :o
In fact, my firewall as 2 network cards on the same network, one for DMZ and one for Internet.
What have I to change?
What could I provide exactly to you for help me?
And your behind a NAT router as well?? Why are you seeing private 192.168.x.x address on your internet connection??
As to 2 network cards on the same network?? WHAT? That is kind of pointless, your interfaces should be on "different" network. If you want to isolate a segment as your DMZ that is fine, but sure wouldn't make it the same ip space as your other non dmz network.
posting of your interfaces couldn't hurt in trying to understand your setup.. Maybe a drawing of your network layout
example here is my interfaces
As you can understand, I'm not a specialist, unfortunatly :'(
Here's my config :
In fact, my firewall is a VM machine and shares the same network, I only have one network card.
Is it more clear?
So your firewall is VM without only 1 actual physical interface? And I will ask again, are your behind an actual real router as well?? I assume that if your internet interface is seeing private IPs?
And I think your a little fuzzy on the proper use of the term DMZ as well, where is your LAN? Kind of hard to have a DMZ to isolate your services your exposing to the internet from your local network, without the actual local network ;)
So this VM host, how many interfaces does it have? Can you draw out your network for me, and exactly what are you trying to do with pfsense on a VM that is not really exposed to the public internet, and has not LAN?